Mobile terminal apparatus

ABSTRACT

A mobile terminal apparatus checks if a user is a proper user based on the operation of the user and, if the result of authentication is negative, uploads predetermined data, which is part of data stored in a memory, to a predetermined server. After the transmission is completed, the mobile terminal apparatus erases the uploaded data from the memory. It is also possible to instruct the mobile terminal apparatus to upload and erase data from an external source using an electronic mail or a telephone tone signal sequence. This may protect data contained in mobile terminal apparatus that has been lost, from a person who improperly attempts to access the data.

CROSS REFERENCE TO RELATED APPLICATIONS

[0001] The present document is based on Japanese Priority ApplicationJP2003-061233, filed in the Japanese Patent Office on Mar. 7, 2003, thecontents in which being incorporated herein by reference to the extentpermitted by law.

BACKGROUND OF THE INVENTION

[0002] 1. Field of the Invention

[0003] The present invention relates to a mobile terminal apparatus (inthis specification it may be also called simply a terminal in thepresent specification) such as cellular phone devices and a PersonalDigital Assistants (PDAs).

[0004] 2. Description of Related Art

[0005] Mobile terminal apparatuses such as cellular phones and apersonal digital assistants (PDAs) may to be lost or stolen because ofits portability. When a mobile terminal apparatus storing personalinformation such as telephone book data, memo data, and electronic mail(email) data is stolen or lost, data including the personal informationmay be improperly accessed or altered.

[0006] Although attempts have been made for assuring security againstunauthorized access to data in a terminal when necessary through theintroduction of various types of authentication methods, theconventional authentication method is not necessarily effectiveconsidering the importance of personal information.

[0007] Japanese Patent Publication No. 2001-309431 discloses atechnology in which, when a notification indicating that a mobileterminal apparatus is lost is sent to the location registration centerof the mobile terminal apparatus, the location registration centercauses a base station to send a control signal to the mobile terminalapparatus to disable its key operation when the mobile terminalapparatus communicates with the base station and, after transferringinternal data to the database of the location registration center,causes the mobile terminal apparatus to erase the data.

SUMMARY OF THE INVENTION

[0008] The technology disclosed in Japanese Patent Publication No.2001-309431 requires the location registration center and a base stationto perform specific processing. That is, the location registrationcenter must manage and check a mobile terminal apparatus that isnotified as lost and, when the mobile terminal apparatus notified aslost communicates with a base station, performs special processingincluding the generation and control of a signal to disable the mobileterminal apparatus operation and to transfer data. Another problem isthat the user must notify the location registration center and wait forthe notification to be reflected on the processing of the locationregistration center and the base station.

[0009] There is therefore need of providing a mobile terminal apparatusthat protects data from those who intend to improperly access or browseinternal data, without requiring a location registration center and abase station to perform special processing.

[0010] There is also need of providing a mobile terminal apparatus thatmay protect data immediately when a need arises for protecting data orwhen a user gets notice of such situation.

[0011] There is still a need of providing a mobile terminal apparatusthat ensures that data in the terminal will be available for use even ifthe terminal is lost.

[0012] A mobile terminal apparatus according to a preferred embodimentof the present invention includes storage means for storing data;communication means for communicating data via a communication network;authentication means for checking if a user is a proper user based on anoperation of the user; and control means for transmitting predetermineddata, which is included in the data stored in the storage means, to apredetermined server via the communication means when the result ofauthentication by the authentication means is negative and, after thetransmission is completed, erasing the predetermined data from thestorage means.

[0013] The authentication means performs authentication processing basedon the user operation and, if the result is negative, the control meanstransmits the predetermined data from the storage means to the server tosave the data and, after that, erases the data. This method effectivelyprotects the data from being accessed/browsed or used improperly.

[0014] Although the predetermined data may be determined by default,means for allowing the user to specify desired data should preferably beprovided. Providing such means may allow the user to protect data notdetermined by default.

[0015] The authentication means performs authentication, for example,when the user attempts to access the predetermined data.

[0016] The data erase processing performed after the data is transmittedto the server may also be suppressed depending upon the type of data.Erasing data always requires the user to restore it at a later time. Ifthe erase processing is suppressed according to the importance orrelevance of the data, for example, if the erase processing is omittedfor data that should be saved but need not be erased, there will be noneed for the restore processing.

[0017] A mobile terminal apparatus according to another preferredembodiment of the present invention includes storage means for storingdata; communication means for communicating an email via a communicationnetwork; and control means for transmitting predetermined data to apredetermined server when a previously specified instruction is receivedvia a received electronic mail (hereinafter simply referred to as“email”) and, after the transmission is completed, erasing thepredetermined data from the storage means.

[0018] When a proper user finds that his or her mobile terminalapparatus is lost, the user may remotely instruct the mobile terminalapparatus to save the data stored in the mobile terminal apparatus andthen erase it. One proposed way of doing so is sending instruction viaan email. In this case, the control means may transmit data to theserver if at least one of the following two conditions is satisfied: onecondition is that the information on the sender of the email matches theinformation on the sender, which is stored/registered in advance, andanother condition is that the email is received a predetermined numberof times within a given length or period of time. This method rejects anunauthorized instruction from an external source.

[0019] Another method of allowing the proper user to remotely instructthe mobile terminal apparatus to save data stored in the mobile terminalapparatus and then erase the data is by means of a telephone tone signalsequence. That is, the mobile terminal apparatus includes storage meansfor storing data; means for automatically receiving a telephone call;means for accepting the input of the tone signal during an automaticcall receiving time; and control means for transmitting predetermineddata to a predetermined server when a predetermined tone signal sequenceis received and, after the transmission is completed, erasing thepredetermined data from the storage means.

[0020] The mobile terminal apparatus described above is not alwaysrequired to erase data but, when the authentication result ofauthentication means is negative, the mobile terminal apparatus is onlyrequired to transmit predetermined data, which is part of data stored inthe storage means, to the predetermined server via the communicationmeans. This method saves data in the server to ensure its availability.

[0021] When the result of authentication is negative, the control meansmay suppress the authentication processing for accessing data from beingexecuted at least for a given length of time. This preferred embodimentof the present invention does not save or erase data but suppresses theexecution of authentication processing to reduce the number ofauthentication retries. When the result of authentication is negative ina system where there are multiple authentication means, the controlmeans may switch the authentication means to an authentication means ofhigher level, i.e., an authentication means of higher complexity, forexample. As a result, it is possible to reduce the rate of success whenperforming retrial of authentication.

[0022] Suppression (or omission) of authentication processing andswitching of authentication means are also effective when data is nottransmitted (uploaded) to a server or data is not erased.

BRIEF DESCRIPTION OF THE DRAWINGS

[0023] The above and other features and advantages of the presentinvention will become more apparent from the following description ofthe presently exemplary preferred embodiment of the present inventiontaken in conjunction with the accompanying drawings, in which:

[0024]FIG. 1 shows a diagram showing an example of model of a system towhich a preferred embodiment of the present invention is applied;

[0025]FIG. 2 shows a block diagram of an example of configuration of amobile terminal apparatus in the system according to FIG. 1;

[0026]FIG. 3 shows a block diagram of an example of configuration of abase station/control station in the system according to FIG. 1;

[0027]FIG. 4 shows a block diagram of an example of configuration of aserver in the system according to FIG. 1;

[0028]FIG. 5 shows a flowchart of an example of first upload processingin a preferred embodiment of the present invention;

[0029]FIG. 6 shows a flowchart of an example of second upload processingin a preferred embodiment of the present invention;

[0030]FIG. 7 shows a flowchart of an example of third upload processingaccording to a preferred embodiment of the present invention;

[0031]FIG. 8 shows a block diagram of an example of configuration of amobile terminal apparatus corresponding to the third data uploadprocessing shown in FIG. 7; and

[0032]FIG. 9 shows a flowchart of data download processing according toa preferred embodiment of the present invention.

DESCRIPTION OF THE PREFERRED EMBODIMENTS OF THE INVENTION

[0033] Preferred embodiments of the present invention will be describedin detail as follows, with reference to the accompanying drawings.

[0034]FIG. 1 shows an example of the model of a system to which apreferred embodiment of the present invention is applicable. The systemincludes a mobile terminal apparatus 100 that may be a cellular phone, abase station/control station 200, and a server 300. The base station andthe control station are shown as a station with the functions of bothstations. Although connected directly to the base station/controlstation 200, the server 300 may be connected via a gateway and acommunication network such as a public communication network.

[0035]FIG. 2 shows an example of configuration of the mobile terminalapparatus 100. A controller 120 controls the components of the mobileterminal apparatus 100 via a control line 150 and a data line 160. Acommunication circuit 102, connected to the control line 150,communicates audio and other kinds of data to or from the basestation/control station 200 via an antenna 101. A display unit 107,connected to the control line 150 and the data line 160, has a displaydevice or apparatus such as a liquid crystal display to display variouskinds of information. An operation unit 106, connected to the controlline 150, has, for example, various operation keys and a jog dial toaccept an input operation by the user. A memory 105, connected to thecontrol line 150 and the data line 160, has storage devices such as aROM, a RAM, and a flash memory to store various programs and data. Thememory 105 forms a data holding unit that will be described later. Anotification unit 108 may be composed of a vibrator, a LED or othermeans for visualization, for example. Such unit, connected to thecontrol line 150, notifies the user about an incoming call in a selectedway. A microphone 103 and a speaker 104, connected to the data line 160,send and receive audio data.

[0036]FIG. 3 shows an example of configuration of the basestation/control station 200. A controller 203 controls the components ofthe base station/control station 200 via a control line 250 and a dataline 260. A communication circuit 202, connected to the control line250, communicates sound and data to or from the mobile terminalapparatus 100 via an antenna 201. A memory 204, connected to the controlline 250 and the data line 260, has storage devices such as a ROM, aRAM, and a flash memory to store, for example, various programs anddata. A wired transmission line interface (I/F) 205, connected to thecontrol line 250 and the data line 260, is connected to an externaldevice via a wired transmission line 206.

[0037]FIG. 4 shows an example of configuration of the server 300. Acontroller 303 controls the components of the server 300 via a controlline 350 and a data line 360. A wired transmission line interface (I/F)301, connected to the control line 350 and the data line 360, isconnected to an external device via a wired transmission line 306. Amemory 304, connected to the control line 350 and the data line 360, hasstorage devices such as a ROM, a RAM, and a flash memory to storevarious programs and data. An external storage device 302, alarge-capacity storage device such as a hard disk device, is connectedto the control line 350 and the data line 360. An operation unit 305 hasinput means such as a keyboard and a pointing device to accept an inputoperation from the user. The server 300 may also have a display unit,not shown, including a display device.

[0038] The operation of this embodiment of the present invention will bedescribed below. In principle, data is uploaded in this embodiment fromthe mobile terminal apparatus 100 to the server to send the dataaccording to a predetermined condition and then the data in the mobileterminal apparatus is erased. Uploading in this embodiment means savingof data. The following describes three examples each of which showingdifferent factors that may trigger uploading.

[0039] Data to be uploaded in this embodiment may be predetermined datain the data holding unit or a folder (including a mailbox) of data. Inaddition to or instead of such data, data to be uploaded may be anyuser-specified data or folder. Data to be uploaded is called “specifieddata” in this specification.

[0040]FIG. 5 shows a first example of upload processing according to apreferred embodiment of the present invention.

[0041] When the first upload processing is used, it is supposed that atleast authentication is performed when data to be uploaded is accessed.That is, even if authentication is not set initially for data that isaccessed for browsing, authentication is automatically set when thedata, specified as data to be uploaded, is accessed for uploading.Authentication, which confirms whether the user is authorized to accessdata, is usually performed on a cellular phone by receiving a passwordand checking its validity. It has to be noted that the authenticationmethod is not limited to a password authentication method.

[0042] Referring to FIG. 5, when the user attempts to accesspredetermined specified data (Yes in S501), authentication processing isstarted, in step S502. For example, the user is requested to enter apassword and the entered password is compared with a registeredpassword, in step S502. If the passwords match, it is judged that theauthentication is successful (Yes in S503) and the data is displayed toallow the user to perform operations, for example, to add, change, ordelete data, as required, in step S509. If a password mismatch occursmore times than is pre-defined (No in S503), it is judged that anauthentication error has occurred and the key operation is disabled, instep S504. This temporarily disables the acceptance of a key operationfrom the user. The mobile terminal apparatus accesses the network totransmit the specified data to the server, in step S505. It is assumedthat server access information is saved in advance in the mobileterminal apparatus and that the authorized user of the mobile terminalapparatus has already been registered for the service provided by theserver. When the data transmission is finished (Yes in S506), thespecified data in the mobile terminal apparatus is erased, in step S507.After that, the disabled key operation is enabled, in step S508 and theprocessing ends.

[0043] The processing described above causes the server to “pump up” thespecified data upon detecting an authentication error when a user whodoes not know a password attempts to improperly access/browse thespecified data, thus preventing the user from improperly accessing thespecified data. As it will be described later, a proper user candownload this “pumped up” data back at a later time to the recoveredmobile terminal apparatus or to a separate new terminal.

[0044] The first example of upload processing shown in FIG. 5 starts itsfunction upon detecting an unauthorized access to a mobile terminalapparatus. It is also possible for a proper user, who has lost a mobileterminal apparatus, to remotely control the lost terminal via acommunication network for uploading and erasing the specified data. Thisprocessing, a second example of upload processing according to apreferred embodiment of the present invention will be described withreference to FIG. 6.

[0045] The second example of upload processing is started by a properuser sending a specific electronic mail (also called simply an email inthis specification) to a mobile terminal apparatus from which data is tobe uploaded. To allow the user to do so, a predetermined keyword isincluded in the header information of the email. For example, a mail issent to the mail address of the mobile terminal apparatus, for example,with a character string such as “*upload” in the Subject area of theemail. The Message area of the mail may be left blank or may contain afixed sentence in advance. A mail like this may be prepared in advancein the mobile terminal apparatus. The proper user is supposed to set thekeyword in the mobile terminal apparatus, in advance.

[0046] Referring to FIG. 6, upon receiving a mail (Yes in S601), themobile terminal apparatus checks the header information of the receivedmail, in step S602. If the mail is not an upload instruction mail as aresult of the checking (No in S603), usual mail processing is performed,in step S611. If the mail is an upload instruction mail (Yes in S603),verification is made if a predetermined condition is satisfied, in stepS604. The checking of this “predetermined condition” is anotherauthentication function added to the header information checking. Forexample, at least one of the following two conditions may be used as thepredetermined condition: one condition is that the sender information onthe mail (sender's mail address, sender's name, etc.) matches apre-registered sender information and another condition may be that theupload instruction mail is received a specified number of times within aspecified time period. Verification of such a predetermined condition ispreferably done when the header information checking is not enough, butthis verification/checking is not always required.

[0047] If the predetermined condition is not satisfied, control ispassed to step S611 to perform usual mail processing. If thepredetermined condition is satisfied, the key operation is disabled, instep S605. Then, the mobile terminal apparatus accesses the network andtransmits the specified data to the server in step S606. After thetransmission is finished, (Yes in S607), the specified data is erased,in step S608. Then, a response mail indicating that the specified datahas been uploaded and erased is returned to the sender of the uploadinstruction mail, in step S609. Such a return mail may also be preparedin advance in the mobile terminal apparatus as the template. After that,the disabled key operation is enabled, in step S610 and the processingis ended.

[0048] As described above, the second data upload processing allows theuser to upload the specified data stored in the mobile terminalapparatus and then erase it by sending an upload instruction mail fromoutside the mobile terminal apparatus.

[0049] Next, a third example of data upload processing according to apreferred embodiment of the present invention will be described withreference to FIG. 7. The third example of data upload processing issimilar to the second data upload processing in that the proper user ofa mobile terminal apparatus controls the lost mobile terminal apparatusremotely via a network except that the mobile terminal apparatus iscontrolled via sound, not by mail. In this case, the DTMF (Dual ToneMulti-Frequency) signal, called a tone signal, is usually used. Thissignal is an analog signal generated by pressing a touch-tone button ona telephone apparatus. Upon receiving a predetermined tone signalsequence, the receiver can recognize that a predetermined instruction isreceived from an external source.

[0050] More specifically, a mobile terminal apparatus such as a state-ofthe-art cellular phone has a function that places the mobile terminalapparatus in the message memo (answer phone) mode if a call is notanswered within a predetermined number of call rings. During thisresponse time, the input of the tone signal is accepted and, when thespecified tone signal sequence is received, the terminal can move tothis processing. Alternatively, after accepting a message memo, theterminal enters the automatic response mode to accept the input. In somecases, a malicious third party answers the call, in which case, theterminal cannot enter the automatic response mode. However, this thirddata upload processing is still useful when combined with other dataupload processing described above.

[0051] Referring to FIG. 7, when a mobile terminal apparatusautomatically receives a telephone call (Yes in S701), the mobileterminal apparatus enters the automatic response mode, in step S702, andperforms authentication processing, in step S703. The authenticationprocessing is performed, for example, by receiving a password andchecking if it is correct. If the authentication is not successful (Noin S704), the line is disconnected, in step S713) and the processing isended.

[0052] If the authentication is successful (Yes in S704) the mobileterminal apparatus accepts the command, in step S705). If this commanddoes not match the pre-registered command instructing to upload data(Yes in S706), the line is disconnected, in step S713, and theprocessing is ended. Several retries may be attempted before the line isdisconnected. Preferably, the command is a numeric string registered inadvance by the terminal user.

[0053] If the commands match (Yes in S706), the line is disconnected, instep S707, and the data upload processing is started. That is, the keyoperation is disabled, in step S708, and the specified data istransmitted to the server, in step S709. When the transmission is ended(Yes in S710), the specified data in the terminal is erased, in stepS711. After that, the disabled key operation is enabled, in step S712and the processing is ended.

[0054] It is possible that, after entering the automatic response modeand while the line is connected, an audio message created in advance maybe generated and sent to the calling party to notify him or her aboutthe operation guide and the operation result in response to theoperation performed by the calling party.

[0055] Although the line is once disconnected in step S707 for datacommunication, the line may be disconnected not in step S707 but afterthe processing is ended, if sound communication and data communicationcan be performed at the same time. In that case, an audio message,typically a voice message, may be sent indicating that upload processinghas completed. Alternatively, with a mail address (other that the oneallocated to the terminal) of the proper user registered in the terminalin advance, the notification message may be sent automatically to themail address when the upload processing is completed to notify the userabout the status.

[0056]FIG. 8 shows an example of configuration of a mobile terminalapparatus capable of performing the third data upload processing in FIG.7. This configuration is similar to the configuration shown in FIG. 2except that an automatic response unit 109 is added. The automaticresponse unit 109 at least has a function to accept the tone signaldescribed above and identify it and, preferably, an automatic voiceresponse function. The rest of the configuration is similar to thatshown in FIG. 2 and so will not be described in detail.

[0057]FIG. 9 shows data download processing that is performed to restoredata, uploaded to the server as described above, to a terminal accordingto an instruction from the user of the mobile terminal apparatus fromwhich the data was uploaded. The data does not need to be downloaded tothe mobile terminal apparatus from which the data was uploaded nor doesthe data need to be downloaded to a mobile terminal apparatus of thesame type. The user can also access the server from other terminals,such as a personal computer (PC).

[0058] It is supposed that a password for each user (user ID) is set inthe server 300 for use in authentication. The mobile terminal apparatus100 can browse the web page of the server via the base station/controlstation. The data of the specified web page is saved on the externalstorage device 302 of the server 300. When a mobile terminal apparatusaccesses the specified web page, in step S901, authentication processingis started, in step S902. During authentication processing, the username and the password are entered, for example, via the operation unit106 of the mobile terminal apparatus and the received information issent to the server 300 via the base station/control station. The serverauthenticates the user by comparing the received information with thepassword of each user stored in the server in advance. If the receiveduser name is not found or, if found, a password mismatch is found, theserver judges that an authentication error occurs (No in S903) and sendsa notification to the terminal indicating the error. In response to thisnotification, the terminal notifies the user about the error, in stepS904. Any notification method may be used; for example, a message isdisplayed on the display unit of the terminal, the LED is lit, a soundis generated, or a vibration is generated.

[0059] If the authentication is successful (Yes in S903) the user isrequested to select download items, in step S905. In this case, it ispossible to allow the user to select the saving destination of eachselection item. If data with the same name as that of a download item isalready in the selected saving destination, the data with the same nameis overwritten. It is also possible to omit the step of overwrite savingif it is found, as a result of comparison between the two, that the datato be overwritten is identical to the data of a download item.Alternatively, instead of overwrite saving, synchronization may beestablished between the two so that the old data is changed to the newdata. Authentication may be performed, not in the position shown in theflowchart, but after step S905.

[0060] Then, the selected data is downloaded, in step S906. If theuploaded data is fixed data (for example, address book, received mailfolder, etc.) and no selection is necessary, step S905 may be omittedand S906 turns simply into a step of downloading data.

[0061] The download is finished when “end notification” is received fromthe server (Yes in S907). At this time, a message is displayed, forexample, on the display unit to notify the user that the download isfinished, in step S908, and then the processing is ended. The server mayerase the downloaded data. This erasure may be done either automaticallyor upon receiving an instruction or agreement from the user.

[0062] Although the present invention has been described throughpreferred embodiments thereof, it is to be understood that the presentinvention is not limited to such embodiment but that various changes,modifications, combinations and sub combinations are possible withoutdeparting from the scope and spirit of the present invention.

[0063] For example, although a password authentication is used in theauthentication method in step S502 in FIG. 5, the authentication methodis not limited to this. For example, fingerprint authentication ispossible on a terminal with the fingerprint authentication interface.For a proper user, a fingerprint authentication error is less likely tooccur; therefore, a single authentication error (with no retry), iffound, could be regarded that an unauthorized person attempted to accessdata.

[0064] When multiple authentication methods are available, theauthentication method may be changed according to data that is accessed.Alternatively, multiple authentication methods may be combined. In thiscase, one of the following actions may be taken: (a) if an error isfound in one of the methods, control is passed to step S504; (b) when anauthentication error occurs, the authentication method is changed to theone at a higher authentication security level.

[0065] Although erased after being uploaded in the embodiment, data neednot always be erased. Alternatively, whether to erase may bepredetermined depending upon the type of data. In this case, the type ofdata to be erased may be either fixed or selected by the user. In eithercase, if data is not erased, it is preferable that data not be accessedat least for a given length of time (prevents authenticationprocessing). Instead, it is also possible that multiple authenticationmethods prepared in advance are used beginning with the lowest securitylevel method and, after an authentication error is found, a highersecurity level method is used. Although data need not be uploaded if noterased, the data may also be uploaded to ensure the data in the terminalafter the terminal is lost.

[0066] It is also possible that, with a security level assigned to alldata, whether or not the data is specified data, what authenticationmethod is used, and what processing (whether to erase, whether toupload) is to be performed after an authentication error is found areset automatically based on the security level. The user may also specifythem manually.

[0067] Although data itself is specified for uploading in the abovedescription, data to be uploaded may also specified at an applicationlevel. In this case, data to be uploaded is data related to theapplication.

[0068] Although whether the received password matches the registeredpassword is used as the match condition for password authentication inthe above embodiment, the question and answer authentication method isalso possible. That is, whether the user responds with an answer thatmatches the answer prepared for the user in advance may be used as thecondition.

[0069] Although a specified web page is accessed using a user ID, thespecified web page (URL) may be provided for each user to eliminate theneed for the user to enter the user ID.

[0070] After step S904 in FIG. 9, it is also possible to prevent theuser related data from being downloaded from the specified web page fora given length of time. In addition, the server may send a mail to theuser corresponding to the user name indicating that the user has made anauthentication error when issuing a download request. Because anauthentication error is sometimes generated because a proper userforgets the password, the mail may include the password to notify theuser again about the password.

[0071] After selecting items in step S905, it is also possible to allowthe user to browse and edit the selected data. Data can be easilyupdated (for example, a new item can be added to the address book) byaccessing the selected data via some other apparatus, editing the data,and downloading the data from the mobile terminal apparatus to establishsynchronization.

We claim:
 1. A mobile terminal apparatus comprising: storage means forstoring data; communication means for communicating data via acommunication network; authentication means for checking if a user is aproper user based on an operation by said user; and controller fortransmitting specified data among data stored in said storage means to aspecified server via said communication means when a result ofauthentication by said authentication means is negative, and erasingsaid specified data from said storage means.
 2. The mobile terminalapparatus according to claim 1, further comprising specifying means forspecifying said specified data.
 3. The mobile terminal apparatusaccording to claim 1, wherein said authentication is performed by saidauthentication means when a user attempts to access said specified data.4. The mobile terminal apparatus according to claim 1, wherein said dataerasing process performed after transmittal to said server is suppresseddepending upon type of said data.
 5. A mobile terminal apparatuscomprising: storage means for storing data; communication means forcommunicating an electronic mail via a communication network; andcontroller for transmitting specified data to a specified server when aspecified instruction is received via said received electronic mail anderasing said specified data from said storage means after saidtransmission is completed.
 6. The mobile terminal apparatus according toclaim 5, wherein said controller transmits data to said server only whenat least one of the following conditions (A) and (B) is fulfilled: (A)Information regarding a sender of said electronic mail matchespreviously registered sender information; (B) Said electronic mail isreceived a specified number of times during a specified period of time.7. The mobile terminal apparatus according to claim 5, wherein said dataerasing process performed after transmittal to said server is suppresseddepending upon type of said data.
 8. A mobile terminal apparatuscomprising: storage means for storing data; answering means forautomatically answering an incoming telephone call; receptor forreceiving a tone signal input at time of said automatic answering;andcontroller for transmitting specified data to a specified server whenreceiving a specified series of tone signals, and erasing said specifieddata from said storage means after said transmission is completed. 9.The mobile terminal apparatus according to claim 8, wherein said dataerasing process performed after transmittal to said server is suppresseddepending upon type of said data.
 10. A mobile terminal apparatuscomprising: storage means for storing data; communication means forcommunicating data via a communication network; authentication means forchecking if a user is a proper user based on an operation by said user;and controller for transmitting specified data included in data storedin said storage means to a specified server via said communication meanswhen a result of authentication by said authentication means isnegative.
 11. The mobile terminal apparatus according to claim 10,wherein said controller inhibits execution of said authenticationprocess of said authentication means at least for a period of time, whena result of authentication by said authentication means is negative. 12.The mobile terminal apparatus according to claim 10, further comprisinga plurality of said authentication means, wherein operation is shiftedto an authentication means of higher complexity among said plurality ofsaid authentication means when a result of authentication by saidauthentication means is negative.
 13. A mobile terminal apparatuscomprising: storage means for storing data; authentication means forchecking if a user is a proper user based on an operation by said userwhen a user attempts to access predetermined or specified data amongdata stored in said storage means; and controller for inhibitingexecution of said authentication process of said authentication means atleast for a period of time, when a result of authentication by saidauthentication means is negative.
 14. A mobile terminal apparatuscomprising: storage means for storing data; a plurality ofauthentication means for checking if a user is a proper user based on anoperation by said user when a user attempts to access predetermined orspecified data among data stored in said storage means; and controllerfor shifting operation to an authentication means of higher complexityamong said plurality of said authentication means when a result ofauthentication by said authentication means is negative.